<?php

session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {

    header("Location: login.php");
}

//==========================================
//	ESCAPE DANGEROUS SQL CHARACTERS
//==========================================
function quote_smart($value, $handle) {

    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value, $handle) . "'";
    }
    return $value;
}
//
$_SESSION['Trace'] = "";
$_SESSION['DataType'] = "";
//
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $lendername = $_POST['lendername'];

    $lendername = htmlspecialchars($lendername);

    //==========================================
    //	CONNECT TO THE LOCAL DATABASE
    //==========================================
    $user_name = "root";
    $pass_word = "haddons";
    $database = "PPI";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {
        header("Location: FormSearch.php?Form=LenderForm&Title=&Table=lenders&Filter=LenderName:" . $lendername . "&OrderBy=LenderName");
        /*$q_lendername = quote_smart("%" . $lendername . "%", $db_handle);
        $SQL = "SELECT * FROM lenders WHERE LenderName LIKE $q_lendername";
        $result = mysql_query($SQL);
        $num_rows = mysql_num_rows($result);

        //====================================================
        //	CHECK TO SEE IF THE $result VARIABLE IS TRUE
        //====================================================

        if ($result) {
            /*include 'i_head.php';
            print "<p><table id=\"form\" align=\"center\" cellspacing=\"4\"cellpadding=\"2\">";
            if ($num_rows > 0) {
                while ($db_field = mysql_fetch_assoc($result)) {
                    //$pline = "<tr><td><A href=\"./Lender.php?lender_ID=" . $db_field['ID'] . "\">" . $db_field['ID'] . "</A></td>";
                    $pline = "<tr><td><A href=\"./Form.php?Form=LenderForm&Title=&Table=lenders&ID=" . $db_field['ID'] . "\">" . $db_field['ID'] . "</A></td>";
                    $pline = $pline . "<td>" . $db_field['LenderName'] . "</td><td> " . $db_field['Address1'] . "</td>";
                    $pline = $pline . "<td>" . $db_field['Address2'] . " " . $db_field['Address3'];
                    if ($db_field['City']) {
                        $pline = $pline . ", " . $db_field['City'];
                    }
                    $pline = $pline . "</td>";
                    $pline = $pline . "<td>" . $db_field['Postcode'] . "</td></tr>";
                    print $pline;
                }
            
            } else {
                $message = "<tr><td>no matches!</td></tr>";
                print $message;
                //session_start();
                //$_SESSION['login'] = "";
                //header("Location: signup.php");
            }
            $pline = "<tr><td colspan=\"4\"><A href=\"./Lender.php?lender_ID=NEW\"><b>+</b></A></td></tr>";
            print $pline;
            print "</table>";
            include 'i_foot.html';
            
        } else {
            $errorMessage = "Error logging on";
        }*/

        mysql_close($db_handle);
    } else {
        $errorMessage = "Error connecting to database";
    }
} else {

    include 'i_head.php';
    include 'i_LenderSearch.html';
    include 'i_foot.html';
}
?>